13 Cyber Security Solutions Explained
Cyber Security Solutions have been developed to secure all areas of a business including the network, hardware, software, data, accounts, and people.
There are Cyber Security Solutions to provide a wide range of protection options for your company, with services to aid your teams with training and awareness, solutions to help with patch management of your devices, and solutions to identify variations in behavior for your network.
While there are many services dedicated to protecting a single aspect of your business, other solutions aim to combine multiple technologies and provide broader coverage to more of your systems.
Other Cyber Security Solutions aim to act as a single platform and incorporate the information and data from multiple products into a single comprehensive view of your organization’s security.
Where budgets and financial restrictions limit your organization’s options for cybersecurity, there are multiple solutions that provide free tiers to their services. These are covered under the following post to implement cyber security for a small business.
1. Endpoint Security Solutions
Endpoint devices are the network-connected devices that users interact with directly. This commonly includes laptops, desktops, and mobile devices, but can extend to other network-connected devices.
Endpoint security solutions can provide a range of useful features to help secure and manage these devices and often blend multiple individual security operations to form a single endpoint protection platform, including features such as:
- Device Administration and Management
- Patch and Configuration Management
- Application Restrictions and Controls
- Malware Detection and Response
- Software Firewall Management
- Behavioral Analysis and Threat Detection
The following products are examples of Endpoint Security Solutions:
2. Mobile Device Management
A mobile device management (MDM) solution provides an endpoint protection service that is specifically targeted towards mobile security.
Mobile devices are often used for business email access, messaging applications, and other functions. Whether the devices in use are company-issued, or personal devices, they can contain business-sensitive data and authentication information.
Securing these devices, the applications they use, their authentication methods, and their accessible data is therefore important for business continuity and data loss prevention.
MDM solutions can define security policies that are applied remotely to any connected device. These policies can set best-practice security settings, password configuration requirements, minimum operating system versions, and limits on the types of applications that can be installed.
The following products are examples of Mobile Device Management Solutions:
3. Intrusion Prevention Systems
An IPS can be deployed as a physical appliance or as software. It monitors network traffic for “abnormal” behavior and, when it sees activity that looks like a potential threat, automatically blocks or drops the network connection and reports the incident.
The monitoring is similar to that of an IDS, but an IPS responds to threats automatically rather than only raising alerts for a security team.
While many IPS deployments focus on network activity and patterns of behavior, they can also be designed to drop and block other types of connections, and a host-based IPS monitors the activity to and from a single host.
The automation of an IPS can help secure your devices, improve network security, and support compliance standards. However, because an IPS needs to learn what “normal” behavior looks like for your devices and network, there is a learning curve, and false positives can occur where legitimate activity is blocked.
The following products are examples of Intrusion Prevention Solutions:
- Trend Micro TippingPoint
- Trellix Intrusion Prevention System
- Check Point Quantum Intrusion Prevention System
4. Intrusion Detection Systems
An IDS can be installed as a physical device or set up through the use of software. An IDS aims to monitor network traffic for “abnormal” behavior and to raise alerts to draw the attention of security teams, often through the use of a SIEM.
A security team can then determine an action to take such as blocking, or dropping network connections as well as conducting a follow-up investigation on the incident.
An IDS has the same core monitoring functionality as an IPS but is intended to raise the alarm for a security team to respond and take action, rather than respond automatically and risk unnecessary or detrimental actions.
Like an IPS, an IDS can be positioned to monitor network traffic as a whole or to monitor the inbound and outbound connections of an individual host.
IDS systems can be useful as part of an overall SIEM solution, where organizations manage their security through a unified overview of the state of their security.
The following products are examples of Intrusion Detection Solutions:
5. Identity and Access Management
IAM solutions are intended to verify the identity of each individual attempting to access your company’s resources and to ensure they can reach only the specific resources they have been permitted to access.
This process requires the accurate management of user privileges by administrators so that users can be correctly assigned their permissions and access to resources.
This may need to be continuously updated as new users join the company, or others leave the company or change roles and require different access permissions.
Many IAM solutions offer integrations with other platforms, to allow a unified view and management of your accounts, and provide control over password complexity, access restrictions, MFA requirements, and SSO configuration.
The following products are examples of Identity & Access Management Solutions:
6. Data Security Solutions
Data security solutions are intended to improve your organization’s data protection management and control over your sensitive data.
This can be through categorizing your data, implementing access controls, setting up encryption for data at rest and in transit, and restricting the categories of data that can be transferred externally.
With some solutions, this can require some initial time investment to set up the solution and quantify and categorize the type of sensitive data you have, whereas other solutions aim to automate the sensitive data discovery phase and to find and categorize your data automatically.
The following products are examples of Data Security Solutions:
7. AntiMalware Protection and Antivirus Software
Antivirus and antimalware are solutions that can be installed on a range of devices to provide protection against common security threats to your business. There are several methods commonly used to identify malware for your devices.
Signature-based detection relies on a signature, or fingerprint, of the files and programs you attempt to access being compared against a database of known malicious signatures. Where a signature match is identified, the malware is blocked.
While this method has its uses, a file or program can be altered so that it carries out the same actions with a different signature, which bypasses this check.
Behavior-based detection instead looks at the actions a file or program attempts to carry out. Where those actions are unusual, suspicious, or associated with known malware activity, the file or program is blocked.
While this can be a useful function to secure devices, it can also restrict legitimate actions or overlook certain malicious activities.
Some solutions will use a combination of different detection methods to identify potential malware and provide a more robust security solution, rather than relying on one specific type of detection method.
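The following is an added example, not code from the original post or from any product named in it, that illustrates the trade-off described above. It treats a SHA-256 hash as the "signature", shows that appending a single byte to a placeholder file changes the hash and so escapes the signature database, and then applies a constructed behavior rule (a process overwriting several user documents and deleting the originals) that catches both the original and the altered copy but also has to avoid flagging a benign tool that does something similar once. The file bytes, the event lists and the ".locked" rule are all constructed for the example.

```python
import hashlib

# --- Signature-based detection: compare the file's hash with known-bad hashes ---
def file_signature(data: bytes) -> str:
    """Return the SHA-256 hex digest used here as the file's signature."""
    return hashlib.sha256(data).hexdigest()

def signature_detect(data: bytes, known_bad: set) -> bool:
    """True (block) when the signature is listed as known-malicious."""
    return file_signature(data) in known_bad

# --- Behavior-based detection: look at what a program does, not what it is ---
# Events are (action, path) pairs, the shape an endpoint sensor might report.
def behavior_detect(events, threshold: int = 3) -> bool:
    """Constructed rule: flag a process that writes a '.locked' copy of user
    documents and deletes the originals at least 'threshold' times."""
    rewritten = set()
    deleted = set()
    for action, path in events:
        if action == "write" and path.endswith(".locked"):
            rewritten.add(path[: -len(".locked")])
        elif action == "delete":
            deleted.add(path)
    return len(rewritten & deleted) >= threshold

# Constructed samples (placeholder bytes, not real programs).
ORIGINAL = b"placeholder-program-bytes-v1"
VARIANT = ORIGINAL + b"\x00"            # one appended byte: same behavior, new hash
KNOWN_BAD = {file_signature(ORIGINAL)}  # the database only knows the original

# Both samples perform the same actions at runtime (constructed event list).
MALICIOUS_EVENTS = [
    ("read", "Documents/a.docx"), ("write", "Documents/a.docx.locked"), ("delete", "Documents/a.docx"),
    ("read", "Documents/b.xlsx"), ("write", "Documents/b.xlsx.locked"), ("delete", "Documents/b.xlsx"),
    ("read", "Documents/c.pdf"),  ("write", "Documents/c.pdf.locked"),  ("delete", "Documents/c.pdf"),
]
# A benign archiving tool touching one file looks similar but stays under the threshold.
BENIGN_EVENTS = [
    ("write", "Documents/old.docx.locked"),
    ("delete", "Documents/old.docx"),
]

def compare() -> dict:
    """Return which detection method catches which sample."""
    return {
        "original_by_signature": signature_detect(ORIGINAL, KNOWN_BAD),
        "variant_by_signature": signature_detect(VARIANT, KNOWN_BAD),
        "original_by_behavior": behavior_detect(MALICIOUS_EVENTS),
        "variant_by_behavior": behavior_detect(MALICIOUS_EVENTS),
        "benign_by_behavior": behavior_detect(BENIGN_EVENTS),
    }

if __name__ == "__main__":
    for check, hit in compare().items():
        print(f"{check}: {'blocked' if hit else 'allowed'}")
```

The threshold in `behavior_detect` is where the false-positive trade-off mentioned above lives: set it too low and routine file tools are blocked, set it too high and a slow-running process is overlooked, which is why real products layer several detection methods rather than relying on one.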
The following products are examples of AntiMalware/Antivirus Solutions:
8. Firewalls and Web Application Firewalls
Firewalls are typically intended to restrict the devices and services that individuals can access. This can be from the perspective of an external user accessing your internal business resources or an internal user attempting to access online content you may want to restrict.
For example, you may have a server configured to give external users access to a website; however, you would not want external users to reach the same server on a management port.
A firewall provides this level of fine-grained rules which can be applied to your devices and networks permitting or restricting access to certain services.
Web Application Firewalls
Web Application Firewalls (WAF) have a different intended function, focused on web application security.
Rather than limit access to a device or service as a whole, a WAF aims to identify certain types of website requests that are associated with cyber-attacks or malicious activity and to drop or block these requests, or deny further access to the application from that user.
The following products are examples of Firewall Solutions:
9. Patch Management Solutions
A patch management solution is intended to provide a single management point where it is possible to maintain the patch levels for a range of devices and software which may be divided between office workers and remote workers.
Maintaining up-to-date devices and software is vital for your organization’s security posture, particularly for any systems that are made accessible over the internet.
New security threats are continuously identified and the time between identification and exploitation has shrunk, requiring faster response times to patch your devices, particularly any systems considered to be critical.
Patch management solutions will often provide a range of useful features beyond automating the patch management process.
These features can include visibility of all of your devices, their current configuration and installed software, the ability to remotely access your devices and make manual changes where necessary, and the ability to implement policy changes and define security standards that are applied to each of your managed devices.
The following products are examples of Patch Management Solutions:
10. Vulnerability Management Services
Vulnerability management solutions also aim to provide a unified view of your managed devices, their current operating system, and installed software.
These tools aim to represent relevant vulnerability data for each of your systems and display the potential risks to your business and threat intelligence data.
Vulnerability management solutions are often standalone services that provide a comprehensive set of tools to assess and report on your cyber threats. They can also be designed as a unified platform that integrates multiple information sources, such as vulnerability scanning tools, threat intelligence feeds, and other vulnerability data.
A vulnerability management platform can provide insight into your defense-in-depth security strategy, outlining potential attack paths that attackers may take when attempting to navigate through your systems. This allows for proactive mitigation and preventative actions to be taken to combat potential cyber threats.
Management systems can also be used for threat simulations and training exercises, where your team is trained in their ability to respond to threats and prevent data breaches from occurring.
The following products are examples of Vulnerability Management Solutions:
- Qualys Vulnerability Management Detection and Response
- Holm Security Next-Gen Vulnerability Management
- Rapid7 Vulnerability Management Service
11. Security Information and Event Management
A SIEM solution provides a central point where data logs, network activities, user events, and other sources of information are recorded and analyzed to identify potential emerging threats and unusual patterns in behavior.
Data collection from multiple sources is typically achieved by installing software agents on a range of devices and at key points to monitor inbound and outbound network traffic.
Policies can then be established for what is considered to be “safe” or normal activity and anything that falls outside of this can raise a security alert to be acted upon by an incident response team.
This process allows your security teams to respond to emerging threats early, and to have the data needed to conduct forensic investigations into the devices and systems involved in a security incident.
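As an added example (not from the original post or any SIEM product), the following shows the "policy for normal activity, alert on anything outside it" process in miniature. It parses a handful of constructed authentication log lines and applies three constructed policies: a burst of five or more failed logins from one source within five minutes, a successful login from a source that has just produced such a burst, and a successful login outside 08:00-18:00 UTC. The log format, thresholds and business hours are assumptions for the example.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Constructed authentication log lines in a simple "timestamp key=value ..." format.
LOG_LINES = """\
2024-05-01T02:10:00Z host=vpn user=alice src=203.0.113.7 result=FAIL
2024-05-01T02:10:20Z host=vpn user=alice src=203.0.113.7 result=FAIL
2024-05-01T02:10:41Z host=vpn user=bob src=203.0.113.7 result=FAIL
2024-05-01T02:11:05Z host=vpn user=carol src=203.0.113.7 result=FAIL
2024-05-01T02:11:30Z host=vpn user=dave src=203.0.113.7 result=FAIL
2024-05-01T02:12:02Z host=vpn user=dave src=203.0.113.7 result=OK
2024-05-01T09:15:00Z host=vpn user=erin src=198.51.100.4 result=OK
2024-05-01T23:40:00Z host=fileserver user=frank src=10.0.0.25 result=OK
""".strip().splitlines()

# Policy values (assumptions for the example).
FAIL_THRESHOLD = 5                 # failed logins from one source ...
FAIL_WINDOW = timedelta(minutes=5) # ... within this window
BUSINESS_HOURS = range(8, 18)      # successful logins outside this are "outside normal"

def parse(line: str) -> dict:
    """Parse one log line into a dict; 'ts' becomes an aware UTC datetime."""
    ts, *fields = line.split()
    event = dict(field.split("=", 1) for field in fields)
    event["ts"] = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return event

def _prune(window: deque, now: datetime) -> None:
    """Drop failure timestamps that have fallen outside the sliding window."""
    while window and now - window[0] > FAIL_WINDOW:
        window.popleft()

def detect(lines) -> list:
    """Return (rule, detail) alerts for activity outside the policies."""
    alerts = []
    recent_failures = defaultdict(deque)  # src -> timestamps of recent failures
    for event in map(parse, lines):
        src, ts = event["src"], event["ts"]
        window = recent_failures[src]
        _prune(window, ts)
        if event["result"] == "FAIL":
            window.append(ts)
            # Alert once, at the moment the threshold is first reached.
            if len(window) == FAIL_THRESHOLD:
                alerts.append(("failed-login-burst",
                               f"{src}: {len(window)} failures since {window[0].isoformat()}"))
        else:
            who = f"{event['user']}@{event['host']} from {src} at {ts.isoformat()}"
            if len(window) >= FAIL_THRESHOLD:
                alerts.append(("success-after-burst", who))
            if ts.hour not in BUSINESS_HOURS:
                alerts.append(("after-hours-login", who))
    return alerts

if __name__ == "__main__":
    for rule, detail in detect(LOG_LINES):
        print(f"[{rule}] {detail}")
```

The sliding window is the part worth copying: a policy that counts failures per source without expiring old ones will alert on every slow trickle of mistyped passwords, while one that resets on each success misses the "many failures, then one success" pattern that the third policy here is designed to surface for the incident response team.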
The following products are examples of SIEM Solutions:
12. Security Awareness Testing and Training
Security awareness training can be a critical part of your organization’s overall security and is often included in many compliance standards.
Where you have cybersecurity solutions in place but inadequate staff training on required security standards, cyber threats and attacks may continue to impact your business.
For each of your internal standards and processes, security can be a component that needs to be understood and followed by each member of your team.
Businesses are also routinely targeted by external cyber attacks and phishing attacks that attempt to access your data and devices.
These threats need to be understood and your team’s crucial role in identifying these threats needs to be outlined and communicated effectively.
Cyber security training can be automated through the use of online portals, which allow you to conduct regular assessments and track your team’s understanding and progress with recognizing cyber threats over time.
Training can also be conducted through seminars hosted internally or externally which aim to highlight the modern threat landscape, potential risks that many organizations face, and how these threats can be identified and avoided.
The following products are examples of Security Training Solutions:
- KnowBe4 Security Awareness Training
- MetaCompliance Cyber Security Awareness Training
- Hoxhunt Security Awareness
13. Secure Software Development Lifecycle
Where software development is an integral part of your business processes, cybersecurity tools have been developed to integrate secure development practices into the development lifecycle.
These security tools can be used to actively review code development as it is written and to highlight potential security issues and additional recommendations to improve secure code development.
Additional security tools can be integrated into the functionality testing phases of your development sprints to ensure that both functionality tests and security tests are passed at each stage of the development process before progressing with further code development.
The following products are examples of Secure Software Development Solutions:
Security Testing the Security Solutions
Implementing a security solution does not necessarily mean that all security concerns have been addressed, or that the solution is working perfectly.
Conducting a security review and test of each of the cyber security controls in place for your organization is important to understand their benefits, functionality, and validate that they are working as intended.
This process is also important to review the limitations and gaps in security that any solution may present so that additional solutions or mitigating factors can be implemented to close the potential gaps in your security posture.
Different types of security testing and the phases for a penetration test are detailed here, for further consideration when arranging a security test with a third party.
Testing Methods for Cyber Security Services
Where a cyber security solution is subject to security testing to understand its functionality and limitations, it can be important to establish an initial baseline of your organization’s security before testing the implemented cyber security solution.
This can be done through a security test with the managed security services not in place, or by allowing the security testing team to bypass the cybersecurity solutions.
By conducting a security assessment with no cybersecurity solutions in place, the underlying vulnerabilities within a system can be identified, and a comprehensive view of the state of security for the device obtained.
The vulnerabilities can then each be reviewed against the device with the cybersecurity solutions enabled. This allows the effectiveness of the solution to be assessed to determine if it provides a level of protection against known vulnerabilities and exploitation techniques.
While cybersecurity solutions should not be treated as a way to cover up vulnerabilities, and identified vulnerabilities should still be resolved, these solutions can provide a level of assurance that your systems will remain secure if additional vulnerabilities are identified in the future.
Testing Antimalware/Antivirus Solutions
Where Antimalware solutions are in place, tests can be conducted to determine potential bypass methods for different file types and different behaviors for each file.
Where cyber security testing is being conducted for your user’s devices this can be a requested type of test to be incorporated.
Testing IPS/IDS Solutions
IPS, IDS, and SIEM solutions can be assessed to determine what types of activity on a network will be identified and what may go unnoticed.
This type of security testing can be incorporated into network security testing to verify if any of the vulnerabilities identified can be exploited with the system in place.
Testing Patch Management
The effectiveness of patch management solutions can be relatively straightforward to test.
Using vulnerability scanning tools or third-party security testing companies, a list of vulnerabilities for your devices can be identified, including vulnerabilities that arise from missing patches.
To ensure a complete list of patches is identified, a vulnerability scan or security test should be completed using authentication credentials for your devices to gain complete visibility of all the operating system updates and software patches that may be missing.
This information can then be used to refine your existing patching solution and investigate the causes of any missing or unreported patches.
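The comparison at the heart of that check, as an added example rather than anything from the original post or a particular scanner, is below: an authenticated inventory of installed package versions (constructed lines) is compared with the minimum patched versions the organization expects (constructed placeholder values, not taken from any real advisory). It reports packages below the required version and packages the inventory did not report at all, which is the "unreported patches" case worth investigating. The one detail that trips up home-grown versions of this check is version comparison: comparing "1.11.0" with "1.9.0" as strings gets the answer backwards, so the example splits versions into integers first.

```python
import re

# Constructed output of an authenticated inventory: "<package> <version>" per line.
INVENTORY_LINES = """\
openssl 3.0.11
curl 8.4.0
sudo 1.9.15
nginx 1.25.3
libssh2 1.11.0
""".strip().splitlines()

# Constructed minimum patched versions (placeholder values, not from any real advisory).
REQUIRED = {
    "openssl": "3.0.13",
    "curl": "8.4.0",
    "sudo": "1.9.10",
    "nginx": "1.25.3",
    "libssh2": "1.9.0",
    "openssh": "9.6",   # expected on every host but absent from this inventory
}

def version_key(version: str) -> tuple:
    """Split a dotted version into integers so that 1.11 sorts after 1.9."""
    return tuple(int(part) for part in re.findall(r"\d+", version))

def audit(lines, required: dict) -> dict:
    """Report packages below the required version and packages not reported at all."""
    installed = dict(line.split(None, 1) for line in lines)
    missing = {
        name: (version, required[name])
        for name, version in installed.items()
        if name in required and version_key(version) < version_key(required[name])
    }
    unreported = sorted(set(required) - set(installed))
    return {"missing_patches": missing, "unreported": unreported}

if __name__ == "__main__":
    report = audit(INVENTORY_LINES, REQUIRED)
    for name, (have, need) in report["missing_patches"].items():
        print(f"MISSING PATCH  {name}: installed {have}, required {need}")
    for name in report["unreported"]:
        print(f"UNREPORTED     {name}: not present in inventory")
```

Packages that show up as unreported are the ones to cross-check against the patching solution's own console, since a host the agent has silently stopped reporting for looks identical to a host with nothing installed.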
Testing Security Training
Security training for your team can include automated solutions where your team answers questions and quizzes related to phishing attacks and other security topics.
Manual security testing can also be conducted against your teams through simulated phishing exercises and social engineering tests aimed at accessing critical assets and information related to your business.
Testing Firewalls and Web Application Firewalls
Your firewalls are designed to enforce a specific set of rules for accessing devices and services.
Assessing these functions can be included with network security tests, with the specific goal of conducting a review of each open and accessible port allowed through the device.
While firewalls typically allow only what is defined, as rulesets grow larger and more complex, it is common for a misconfiguration to permit services that were never intended to be accessible.
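An added example, not code from the original post or from any firewall product, that ties together the web-server-versus-management-port case from the firewall section above and the misconfiguration review described here. It models a first-match ruleset with a default deny, evaluates a few connections against it, and then reviews the ruleset for two common findings: an allow rule that exposes management ports from outside the admin network, and a rule that is shadowed by an earlier, broader one and can never take effect. The set of management ports, the admin network and the rules themselves are assumptions constructed for the example.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Assumptions for this example: ports treated as "management" and the only
# network that should be able to reach them.
MANAGEMENT_PORTS = {22, 3389, 5985}
ADMIN_NET = ipaddress.ip_network("10.10.0.0/24")

@dataclass(frozen=True)
class Rule:
    src: str              # source network in CIDR form
    dport: Optional[int]  # destination port; None means any port
    action: str           # "allow" or "deny"

def matches(rule: Rule, src_ip: str, dport: int) -> bool:
    in_net = ipaddress.ip_address(src_ip) in ipaddress.ip_network(rule.src)
    return in_net and (rule.dport is None or rule.dport == dport)

def evaluate(rules, src_ip: str, dport: int) -> str:
    """First matching rule wins; anything unmatched is denied."""
    for rule in rules:
        if matches(rule, src_ip, dport):
            return rule.action
    return "deny"

def covers(outer: Rule, inner: Rule) -> bool:
    """True when every connection 'inner' could match is already matched by 'outer'."""
    net_ok = ipaddress.ip_network(inner.src).subnet_of(ipaddress.ip_network(outer.src))
    port_ok = outer.dport is None or outer.dport == inner.dport
    return net_ok and port_ok

def review(rules) -> list:
    """Return human-readable findings about risky or dead rules."""
    findings = []
    for i, rule in enumerate(rules):
        if rule.action == "allow":
            exposed = MANAGEMENT_PORTS if rule.dport is None else MANAGEMENT_PORTS & {rule.dport}
            if exposed and not ipaddress.ip_network(rule.src).subnet_of(ADMIN_NET):
                findings.append(f"rule {i} allows management port(s) {sorted(exposed)} from {rule.src}")
        for j in range(i):
            if covers(rules[j], rule):
                findings.append(f"rule {i} is shadowed by rule {j} and never matches")
                break
    return findings

# Constructed ruleset for a public web server.
RULES = [
    Rule("10.10.0.0/24", 22, "allow"),   # admins may SSH to the server
    Rule("0.0.0.0/0", 443, "allow"),     # anyone may reach the website
    Rule("0.0.0.0/0", None, "allow"),    # "temporary" troubleshooting rule that was never removed
    Rule("0.0.0.0/0", 22, "deny"),       # intended to block SSH from the internet
]

if __name__ == "__main__":
    for src, port in [("203.0.113.5", 443), ("203.0.113.5", 22), ("10.10.0.7", 22)]:
        print(f"{src}:{port} -> {evaluate(RULES, src, port)}")
    for finding in review(RULES):
        print("FINDING:", finding)
```

Reviewing each open port from the outside, as the section recommends, would show SSH reachable from the internet; the ruleset review explains why, by pointing at the broad rule and the deny rule it shadows. Removing rule 2 (`RULES[:2] + RULES[3:]`) restores the intended behavior, which the example's own `evaluate` confirms.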
Web application firewalls can be assessed as part of web application security tests, where the security test is conducted initially with the WAF disabled for the security tester, allowing all possible vulnerabilities to be identified. The WAF can then be enabled, and each identified vulnerability reviewed to determine what issues are still identifiable and exploitable.
Conclusion
As security has become a greater priority for many businesses, an increasing number of cybersecurity solutions have been developed to address the continually evolving threats that organizations face.
Each security service can play a role in securing your company but typically does not provide a single all-purpose solution to every possible threat that impacts businesses.
The security of an organization is a continuous “work in progress” that requires multiple types of management, administration, security best practices, patching, configuration, security testing, and ideally a number of security tools to aid in this constantly evolving process.
Where you have any further questions regarding different cybersecurity solutions, our consultants are available to address any concerns you may have.